Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Any “Password manager” is an ADITIONAL threat to your security.
And you have 0 guaranties they don’t sell your infos. For all passwords.
I don’t know ANY company I would trust with all my passwords. -
@bahua Your password manager is developed by someone, right ?
Or you coded one your self for you ? -
@bahua And you mention "chrome's password vault". Soo, pretty sure google already have every single password you use.
And probably somewhere in a text file on thier internal network -
endor57515y@NoToJavaScript there are open source password managers that only store your database locally. Keepass2, for example. It has been audited too, multiple times
-
bahua129055y@NoToJavaScript
I didn't mention chrome. The OP did. The OP didn't mention a company. When I think of a password manager, I first think of the FOSS project that maintains my password manager, keepass. They develop it, but they certainly do not host my database. -
@NoToJavaScript So I am supposed to memorize the 1000 passwords of every site I ever signed up for and maybe change them once in a while as well? That's what muggles try and then they use the same shitty password everywhere. Yeah, much more secure than an encrypted offline database used by an audited open source password manager.
-
Root825385yKeepassxc has a browser integration that makes for decent UX.
But don't use Chrome.
If you must, use Chromium. -
Personally I never use any online service for passwords, so I use Keepass.
Also, don't browsers have issues where extensions and plugins can access stored passwords? -
Hazarth94765yI store my passworda in text files obfuscated by other information, garbage and stored all over the place in files with completely unrelated names, sometimes other possible ones. So really only I'm able to know that even is a password for anything. Id say that's more secure that putting all the passwords in one place tbh
-
@Hazarth This seems very messy. How do you deal with in on multiple devices, especially mobile?
If you're worried that your database gets stolen you should worry just as much about your keystrokes or your screen getting recorded. -
Hazarth94765y@saucyatom oh, I don't have anything important installed on my mobile device. So most things here use a password I remember but don't care much about. Easentially I only really need to manage my main email password here, and that's not much of a problem. I do remember some of my more important passwords without putting them anywhere (or just temporarily before I get used to them)
-
endor57515y@Hazarth security through obscurity is never a good idea, no matter what your threat model is
-
Hazarth94765y@endor perhaps, tho its mostly for non-essential accounts really. Idk, works for me so far
Related Rants
Would it be clever to use a password manager with randomized passwords and also store them in chrome's password vault?
I mean it's less secure, yes, but should something bad really happen I can just change the password and this would be a good upgrade in terms of user experience
What do you guys think?
random
security
manager
chrome
password